seacen seminar on internal audit of central banks taipei taiwan r o c 14 17 september 2004 l.
Skip this Video
Loading SlideShow in 5 Seconds..
SEACEN Seminar on “INTERNAL AUDIT OF CENTRAL BANKS” Taipei, Taiwan, R.O.C. 14-17 September 2004 PowerPoint Presentation
Download Presentation
SEACEN Seminar on “INTERNAL AUDIT OF CENTRAL BANKS” Taipei, Taiwan, R.O.C. 14-17 September 2004

Loading in 2 Seconds...

play fullscreen
1 / 60

SEACEN Seminar on “INTERNAL AUDIT OF CENTRAL BANKS” Taipei, Taiwan, R.O.C. 14-17 September 2004 - PowerPoint PPT Presentation

  • Uploaded on

SEACEN Seminar on “INTERNAL AUDIT OF CENTRAL BANKS” Taipei, Taiwan, R.O.C. 14-17 September 2004. Presented by Shamsul Islam Junior Joint Director Audit Department. SEACEN Seminar. Organized by: South East Asian Central Bank Research & Training Centre

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'SEACEN Seminar on “INTERNAL AUDIT OF CENTRAL BANKS” Taipei, Taiwan, R.O.C. 14-17 September 2004' - salena

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
seacen seminar on internal audit of central banks taipei taiwan r o c 14 17 september 2004

SEACEN Seminar on“INTERNAL AUDIT OF CENTRAL BANKS”Taipei, Taiwan, R.O.C.14-17 September 2004

Presented by

Shamsul Islam

Junior Joint Director

Audit Department

seacen seminar

SEACEN Seminar

Organized by: South East Asian Central Bank

Research & Training Centre

(SEACEN Centre) Malaysia.

Financed by: Bank of Japan (BOJ)

Hosted by: The Central Bank of China


Royal Monetary Authority of Bhutan

Ministry of Finance, Brunei.

Reserve Bank of Fiji.

Bank Indonesia

The Bank of Korea

Bank Negara Malaysia

The Bank of Mangolia.

Nepal Rastra Bank

State Bank of Pakistan.

Bank of Papua New Guinea.

Bangko Sentral ng Pilipinas.

Central Bank of Sri Lanka.

The Central Bank of China, Taipei.

Bank of Thailand.

Banking and Payments Authority of Tinor – Leste.

Seminar Participants30 participants from the following 15 Central Banks/Monetary Authorities/Ministry of Finance.
resource persons
Resource Persons.
  • Mr. John Graham Joscelyna CA(SA) CIA

Director International Services

UHY Advisers Inc.

  • Mr. Noriyuki Tomioka

Director Internal Auditors’ Office

Bank of Japan.


Associate Professor

Department of Accounting, College of Commerce,

National Chengchi University.

issues for discussion in the seminar
  • Role of Internal Audit in Governance.
  • Identification of gaps in the Internal Audit Function and Opportunities for Improvement.
  • Internal Audit in the Risk Management Process.
  • Leveraging on Automation and Information Technology in Audit Engagements.
  • Impact of Regulations on Internal Audit.
  • Outsourcing of the Internal Audit Function.
  • Industry’s Best Practices in Internal Audit.
1 role of internal audit in governance
1. Role of Internal Audit in Governance
  • Entire audit process directly or indirectly linked with Governance Process.
  • Audit is an on going Governance Process through evaluation of the System of internal controls.
what should governance mean to audit

What should Governance mean to Audit.

Process of oversight at board level.

Relationship between board and management.

Organization of executive functions

Information flow

Key Control Process.




Impacts the Bank from top to bottom.

Determines the control environment.

Influences the bank’s culture.

pre requisite for auditors in relation to governance
Pre-requisite for Auditors in relation to Governance
  • Authority in Internal Audit Charter/IA Mandate.
  • Competence on the part of Auditors.
  • Real desire of Board and Management to include Auditors.
what should be auditor s relationship with his auditees
What should be auditor’s relationship with his auditees.


  • Picking up on their issues.
  • Questioning them on their needs.

EducatorVerification Checklist

  • Sharing best practices
  • Sharing movement in Governance practice.


  • Listen more from auditee so that auditor may educate and facilitate them.
what can auditor do
What can Auditor do?

Share Professional Best Practices

  • What reporting works best.
  • Usefulness of an independent audit
  • Usefulness of audit to the auditee.
  • How value is added to the performance of auditee.
  • Agree Audit Charter with the Board and Management.
  • Reporting of Audit activities to the Board.
  • Share International Internal Audit Standards and what they mean.
objectives of these activities
Objectives of these activities
  • Auditor has a voice in the Governance arena.
  • Auditor adds value to the views of the auditee.
  • Auditor is professional.
  • Auditor has an independent voice.
increase understanding with regard to
Increase understanding with regard to:
  • Code of Ethics.
  • Control Framework in the Bank.
  • Agreement on auditor’s work.
  • Agreement on the risks taken by the Bank.
  • Agreement on what auditor can and should do.
reliance is also sought from other players
Reliance is also sought from other players.
  • Risk Managers.
  • Compliance Officer.
  • External Auditor.
auditor s leadership in governance process
Auditor’s leadership in Governance Process.
  • Adding value at the highest level.
  • Working at a strategic level.
  • Facilitating.
  • Enabling.
2 identification of gaps in the internal audit function and opportunities for improvement
2) Identification of Gaps in the Internal Audit Function and opportunities for improvement.


  • IIAs standards.
  • Negative conception with regard to Auditors.
  • Level of competence in risk based auditing.
  • Auditor as “watchdog” and “faultfinder”.
  • Less emphasis on scientific audit programs.
  • Designing and implementing of flow charts in audit process.
  • Preparation of check list and their applications.
  • Designing of questionnaire for the auditee.
Gaps Cont………
  • Central Bank experience – Professional qualifications.
  • Professional qualifications – Central Bank experience.
  • I.T. experts - Experience of Central Bank working.
  • Central Bank working experience - I.T. expertise.
  • Lack of coordination and understanding between Internal and External Auditors.
opportunities for improvement
Opportunities for improvement:
  • Adoption of IIAs Standards.
  • To further educate the auditee with patience behavior.
  • To increase the level of competency in risk based auditing through training and by changing audit methodology.
  • To switch over in role of auditor from “watchdog” and “faultfinder” to the educator/facilitator/mentor.
  • To prepare scientific audit programs
  • To design and implement flow charting.
  • To use check list and questionnaire during the audit process.
opportunities for improvement cont d
Opportunities for improvement: cont’d…..
  • To arrange short courses/training for the officials who have a handsome experience but far behind the professional qualifications regarding audit.
  • Auditors other than I.T. should impart the I.T. training.
  • Top level management/Audit Committee should ensure the coordination and better understanding between Internal and External auditors.
3 internal audit in the risk management process
3. Internal Audit in the Risk Management Process.

Change in the role of Audit.

  • Watchdog/Faultfinder – Risk identifier/educator.

Change in Audit Methodology.

  • Compliance based audit/Financial audit – Risk Based audit.
risk based audit process
Risk Based Audit Process
  • Understanding of risks faced.
  • Assessing the exposures.
risk based audit process cont d
Risk Based Audit Process Cont’d……
  • Gather information and plan.
  • Knowledge of departments/segments/objectives.
  • Understanding of operations and procedures.
  • Prior year’s audit results.
  • Regulatory statutes, approved policies.
  • Identifying risk associated with segment/process.
risk based audit process cont d23
Risk Based Audit Process Cont’d……
  • Obtain understanding of Internal Control
  • Control environment.
  • Control procedures.
  • Matches of associated risks with controls.
risk based audit process cont d24
Risk Based Audit Process Cont’d……
  • Perform Audit Tests
  • Test effectiveness of controls and other substantive audit procedures.
risk based audit process cont d25
Risk Based Audit Process Cont’d……
  • Conclude the Audit
  • Analyse the audit findings.
  • Discuss with departmental heads and draw conclusion.
  • Recommendation for improvements.
  • Draft Report.

Risk Evaluation Family

Internal Auditor


Compliance Officer or Unit


risk based audit process cont d27
Risk Based Audit Process Cont’d……
  • Auditor’s own Risks.
  • Explicit Audit.
  • Delivering the right audit product.
  • Assuring the quality of work.
  • Maintaining professional reputation
  • Managing Human Resources.
4 leveraging on automation and information technology in audit engagements
4. Leveraging on Automation and Information Technology in Audit Engagements.
  • Why the automation is need of the time?
  • To increase in efficiency & productivity of Audit.
  • To increase in accuracy.
  • To eliminate storage of work papers.
  • To enable instantaneous communications.
  • To permit access of information via Internet.
  • To lower audit cost.
  • To faster the audit process.
Overall status of automation.
  • Initial / middle stage.
  • Working is being automated.
  • Designing of software.
  • Parallel Runs.
  • Partially live working.
  • Complete live working.
Usage of Software Tools.
  • In-house development.
  • Outsourcing the computerization.
  • Readymade Softwares.
Automation status in other Central Banks -


  • Payment System with - Real Time Gross Settlement (RTGS)
  • Government Debt Security Management with - Scriptless Securities Settlement System (SSSS).
  • Treasury and International Reserve Management with – Treasury Dealing Room Management System (TDRMS).
Computer Assisted Audit Tools and Techniques (CAATTs).
  • Readymade Softwares
  • Audit Command Language (ACL).
  • Sarbox Portal (SP)
  • Risk and Control Tracking System (RCTS).
  • Control Assessment Template (CAT).
  • Risk Navigator (RN).
  • Team Mate (TM).
  • Office-Suite Software.
Sarbanes – Oxley Software
  • 10th Annual Survey of Internal Audit Utilization of Software Tools
  • Why are you not using Sarbanes – Oxley Software?
  • Our Company is not subject to Sarbanes – Oxley – 79%.
  • Another Department in our organization handles Sarbanes – Oxley compliance 5%,
  • Sarbanes – Oxley compliance is outsource at our Organization – 1%.
  • These types of tools are too expensive – 8%.
  • Others – 10%.
5 impact of regulations on internal audit
5. Impact of Regulations on Internal Audit
  • Rules and Regulations may be National or International.
  • Evaluate how does it impact the Bank?
  • What about its stakeholders?
rules and regulations may relate to
Rules and Regulations may relate to:
  • Best practices.
  • Leading Central Bank practices.
  • IMF suggestions or demands.
  • Money Laundering
  • Reserve Management.
  • Electronic Banking.
  • Generally Accepted Accounting Principles.
  • International Accounting Standards.
  • International standards of Auditing.
  • Income Tax Laws.
  • Rules and Regulations framed by SEC.
  • Corporate Governance Rules.
impact on audit due to compliance of rules and regulations
Impact on audit due to compliance of rules and Regulations
  • Cost.
  • Responsibility
  • Control Establishment
  • Scope.
compliance of regulations is every one s business therefore
Compliance of Regulations is every one’s business, therefore:
  • Is it in the risk assessment?
  • Is it understood in the Bank’s control environment?
  • Is it in the control activities of the Bank?
  • How does management see and acts?
  • How are regulatory issues communicated?
in compliance of the regulations information communicated to the regulators
In compliance of the Regulations, information, communicated to the regulators:
  • Fair
  • Complete.
  • Transparent.
  • Independently verifiable by the Internal and External Auditor.
impact of incorrect information communicated to the regulators
Impact of Incorrect information communicated to the regulators:
  • Lack of Trust
  • Disbelief
  • Lack of credibility.
6 outsourcing of the internal audit function
6. Outsourcing of the Internal Audit Function
  • Kinds of outsourcing.
  • Special Project outsourcing.
  • Partial outsourcing.
  • Temporary staffing.
  • Full outsourcing.
determining factors if the internal auditing be outsourced
Determining factors if the Internal Auditing be outsourced:
  • Will the outsourcing of Internal Audit effect the effectiveness of corporate governance?
  • What are the advantages and disadvantages of internal audit outsourcing?
arguments in favour of outsourcing
Arguments in favour of Outsourcing:
  • Allows management to focus on core competencies.
  • Cost saving resulting from economies of scale.
  • Flexible access to expertise.
  • Access to leading practices.
arguments against outsourcing
Arguments against outsourcing:
  • By the lapse of time outsourcing provider will demand an ever greater premium for their services.
  • An external provider will not know the business as well, as the internal personnel do.
  • A valuable training ground is lost.
  • Morale of the personnel will be seriously impaired.
  • Individual Employee allegiance is to the outsourcing provider, not to the client.
  • Corporate governance is a management function which can not be outsourced.
  • Independence of external auditor will be impaired when the outsourcing provider is also external auditor.
  • Confidentiality is potentially lost.
  • Management and the audit committee lose an objective source of information.
advantages of outsourcing
Advantages of Outsourcing:
  • Smaller Organizations’ access to a broader set of skills.
  • Information systems audit skills – highly effective.
  • Innovative approaches – knowledge of “Best Practices”.
  • Integrated audit approach – Internal + External.
  • Active Management Participation – Provide direction and oversight.
disadvantages of outsourcing
Disadvantages of Outsourcing:
  • Loss of a second set of eyes and ears.
  • Confidentiality could not be maintained.
  • Outsource provider might be an auditor of commercial bank(s) to which central bank is monitoring.
  • Expertise leave the Organization.
  • Outsourcing does not build new managers.
  • Outsourcing does not have to live with the decisions or recommendations made – but still have pressure to retain the contract.
  • Difficult to rebuild internal auditing department, if outsourcing is not successful – dependency on one outside provider.
  • External Auditor may be lacking internal audit knowledge – material differences in perspective and execution:
central banks outsourced
Central Banks– Outsourced

Internal Audit function of the Reserve Bank of Fiji is outsourced.

  • Justifications for outsourcing put forth by the representative of Reserve Bank of Fiji:
  • Cost effective.
  • Provides more independence and autonomy to the auditor.
  • Outsourcing addresses the problem of resource constraints.
  • Staff can be engaged in the core areas of the Bank.
  • Expertise in the field of audit were lacking.
  • Career paths and opportunities of audit personnel is limited as only one central bank in the country.
  • Skills required for auditing are readily available in the market.

Central Banks– Outsourced Cont’d……

  • A few audit functions have been co-sourced by Central Bank of Srilanka.
  • The functions out sourced:
  • General Review of Information System.
  • Pay Role System.
  • Real Time Gross Settlement System (RTGS).
  • Justification for co-sourcing put forth by the representatives of Sri Lanka.
  • Early retirement of staff and the absence of expertise to special audit functions.
7 industry best practices in internal audit
7. Industry Best Practices in Internal Audit

Principles of Internal Audit.

  • Independence, objectivity and impartiality.
  • Audit should exercise their assignment without interference and are free to report their findings and appraisals.
  • Audit charter should be approved by the Board of Directors and should be communicated to all staff within the Bank.
  • Rotation of staff assignments within the audit department.
  • No involvement in the operations of the bank.
  • Recognition of the auditors’ independence in the audit charter.
  • Official internally transferred to audit department should not involve in the audit of his previous activity for a certain period.
principles of internal audit cont d
Principles of Internal Audit Cont’d….
  • Maintenance of professional competence:
  • On the job training.
  • Formal internal and external training.
  • Staff rotation within the Department.
  • Incentives to become a Certified Internal Auditor.
working methods and types of audit
Working methods and types of Audit
  • Working methods:
  • Drawing up a risk-based audit plan.
  • Examining and assessing the available information.
  • Communicating the results.
  • Follow up of recommendations.
  • Types of audit:
  • Financial Audit.
  • Compliance Audit.
  • Operational Audit.
  • Management Audit.
  • Risk-based Audit.
  • I.T. Audit.
audit procedure
Audit Procedure:
  • Prepare audit program and document audit procedures in working papers.
  • Distribute audit reports to auditees and senior management.
  • Follow up the audit recommendations to see whether they are implemented.
  • Inform senior management about the status of the said implementation.
management of the internal audit department
Management of the Internal Audit Department
  • The head of the Internal Audit Department is responsible for:
  • Ensuring the use of sound internal audit standards by the internal audit staff.
  • Existence of upto-date audit charter.
  • Existence of upto-date written policies and procedures for audit staff.
  • Appropriate professional competence and training of the audit staff.
  • To regularly send report to appropriate management level for discussion.
iia s international standards for the professional practice of internal auditing
IIA’s International Standards for the Professional Practice of Internal Auditing
  • The purpose, authority and responsibility of the internal audit activity should be formally defined in a charter, consistent with the standards, and approved by the board.
  • Internal auditors should be objective in performing their work.
  • Internal auditors should have impartial, unbiased attitude and avoid conflicts of interest.
  • Engagements should be performed with proficiency and due professional care.
iia s international standards for the professional practice of internal auditing cont d
IIA’s International Standards for the Professional Practice of Internal AuditingCont’d…..
  • Quality Assurance and Improvement Program Chief Audit Executive (CAE) should develop and maintain a quality assurance and improvement program which should cover:
    • All aspects of the internal audit actively and continuously monitoring its effectiveness.
    • Periodic internal and external quality assessments and ongoing internal monitoring.
    • Assurance that the internal audit activity is in conformity with the Standards and the Code of Ethics.
iia s international standards for the professional practice of internal auditing cont d56
IIA’s International Standards for the Professional Practice of Internal AuditingCont’d…..
  • Disclosure of non-compliance.
    • Internal audit actively should achieve full compliance with the Standards and internal auditors with Code of Ethics.
    • In case of full compliance not achieved, disclosure should be made to senior management and the board.
iia s international standards for the professional practice of internal auditing cont d57
IIA’s International Standards for the Professional Practice of Internal AuditingCont’d…..
  • Governance:
  • IIA’s Internal Standards for the Professional Practice of Internal Auditing. Internal audit actively should assess and make appropriate recommendations for improving the governance process for:
  • Promoting appropriate ethics and values within the organization.
  • Ensuring effective organizational performance management and accountability.
  • Effectively communicating risk and control information to appropriate areas of the organization.
  • Effectively coordinating the activities and communicating information among the board, external auditors and management.
september 17 post seminar city tour
September 17 Post Seminar City Tour
  • - Yingo Ceramics Museum
  • - Lin Family Mansion and Garden.